Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StringIndexOutOfBoundsException for broken .env file while using ignoreIfMalformed #63

Closed
panzi opened this issue Jun 20, 2024 · 2 comments · Fixed by #75
Closed

StringIndexOutOfBoundsException for broken .env file while using ignoreIfMalformed #63

panzi opened this issue Jun 20, 2024 · 2 comments · Fixed by #75

Comments

@panzi
Copy link

panzi commented Jun 20, 2024
edited
Loading

I use this deliberately really broken .env file to test stuff, and dotenv-java crashes with an StringIndexOutOfBoundsException on it. Is the ignoreIfMalformed option supposed to catch these or is this out of scope for this library?

FOO="

The problem is that isQuoted() checks if the value starts and ends with ", but not that it is longer than a single character, and later normalizeValue() tries to slice of a character from the start and end.

Backtrace:

Exception in thread "main" java.lang.StringIndexOutOfBoundsException: begin 1, end 0, length 1
        at java.base/java.lang.String.checkBoundsBeginEnd(String.java:4601)
        at java.base/java.lang.String.substring(String.java:2704)
        at io.github.cdimascio.dotenv.internal.DotenvParser.normalizeValue(DotenvParser.java:99)
        at io.github.cdimascio.dotenv.internal.DotenvParser.addNewEntry(DotenvParser.java:81)
        at io.github.cdimascio.dotenv.internal.DotenvParser.parse(DotenvParser.java:63)
        at io.github.cdimascio.dotenv.DotenvBuilder.load(DotenvBuilder.java:76)
        at dotenv.Main.main(Main.java:31)
@cdimascio
Copy link
Owner

would you be interested in posting a PR?

@panzi
Copy link
Author

panzi commented Jun 27, 2024

You could just change isQuoted to:

private final Predicate<String> isQuoted = s -> s.length() > 1 && s.startsWith("\"") && s.endsWith("\"");

Or change normalizeValue() to:

    private String normalizeValue(final String value) {
        final var tr = value.trim();
        if (isQuoted.test(tr)) {
            return tr.length() > 1 ? tr.substring(1, tr.length() - 1) : "";
        }
        return tr;
    }

(I just noticed that normalizeValue() has another bug where it used value where it should use tr.)

Or change the last line of addNewEntry() to:

if (value.equals("\"")) {
    if (throwIfMalformed)
        throw new DotenvException("Malformed entry " + line);
    return;
}
entries.add(new DotenvEntry(key, value));

Depending on what you think should happen. I just think there shouldn't an exception be thrown when throwIfMalformed is false.

cdimascio pushed a commit that referenced this issue Sep 1, 2024
fixes #63 string oob with ignore malformed
a9b5737
@cdimascio cdimascio mentioned this issue Sep 1, 2024
Merged
cdimascio added a commit that referenced this issue Sep 1, 2024
@cdimascio
update integrates OpenSSF badging details into README and CONTRIBUTING (
ba7ec54 
#75)

* fixes #63 string oob with ignore malformed

* update README and CONTRIBUTING

---------

Co-authored-by: carmine <carmine@everco.ai>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update integrates OpenSSF badging details into README and CONTRIBUTING cdimascio/dotenv-java
2 participants
@panzi @cdimascio